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A Fuzzy Logic-Based Financial 
Transaction System 



An ATM's digital safeguards 
depend on analog information- 
gathering techniques. One of the 
best ways to improve on magnetic 
stripe precision is through the use 
of fuzzy logic. 
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In the early days of credit cards, 
fighting fraud was as simple as 
issuing a weekly bulletin listing 
the numbers of lost or stolen 
cards. But as the credit card 
market has grown, so has the sophisti- 
cation of crooks to bilk merchants, 
card issuers, and consumers out of mil- 
lions of dollars. Card fraud is a big 
business, and criminals are finding 
ways to circumvent the industry's most 
sophisticated security measures. 

Experts estimate that in 1993, the 
total credit card fraud loss in the U.S. 
ran close to a billion dollars, up from 
$864 million in 1992.' One of the 
fastest growing types of fraud involves 
counterfeiting valid cards. MasterCard 
International reportedly lost $113 mil- 
lion in 1993 to card counterfeiting, and 
Visa International is reported to have 
lost roughly $ 1 60 million to card coun- 
terfeiting in the same period. 

Counterfeiting also costs consumers 
millions of dollars each year. By law, if 
the card issuer determines that the cus- 
tomer has been defrauded, the victim is 
not liable for losses over $50. In many 
cases, the issuer may simply eat the 
$50. But in some cases, the card issuer 
may refuse to cover the loss on the 
grounds of insufficient proof of fraud. 

Card issuers have taken steps to 
thwart card counterfeiting. Holograms 
were introduced in the 1980s to make 
cards harder to copy. Unfortunately, 
counterfeiters are now able to make 
such close replicas of valid cards that 
it's virtually impossible for a store 
clerk to tell if a particular card is legit- 
imate. Joel Lisker, vice president of 
security and risk management at 
MasterCard, is reported to have said, 
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Despite all the 
hype about smart 
cards, magnetic 
stripe-based cards 
will be around for 
a long while yet. 



"The quality of Chinese counterfeiting 
is so good that only experts can tell the 
difference between a genuine and sim- 
ulated hologram." 2 

IMPROVING SECURITY 

Recently, card issuers have start- 
ed adding new, hard-to-copy 
codes to the magnetic stripe to 
make counterfeiting more difficult. 
The code uses a secret algorithm to 
generate a three-digit number based on 
the account number and expiration 
date. This secret value is then encoded 
onto the magnetic stripe of a new card. 
Knowing the account number and 
expiration date is not enough informa- 
tion for a crook to successfully coun- 
terfeit a valid card; a counterfeiter 
would also have to know the mathe- 
matical algorithm. 

MasterCard calls this code the Card 
Validation Code (CVC), and Visa calls 
its version Card Verification Value 
(CVV). Unfortunately, many retail 
outlets have not upgraded their credit 
card verification code scanners to 
accurately check valid codes. Master- 
Card and Visa require new card issuers 
to include this code on the magnetic 
stripe of newly issued credit cards and 
are encouraging merchants to update 
their credit card verification scanners. 

In the Asia-Pacific region, a hotbed 
of credit card counterfeiting, the intro- 
duction of CVC and CW has cut 
MasterCard's and Visa's losses some- 
what. Card companies know they can't 
afford to let down their guard and that 




it's only a matter of time before they'll 
need newer, more sophisticated 
weapons against card counterfeiting. 

Also, the new codes do nothing to 
thwart card "skimming," a fast-grow- 
ing form of card counterfeiting in 
which a valid card is obtained and the 
counterfeiter copies or skims all the 
information from the magnetic stripe, 
including the new hard-to-copy codes. 
"We think (the code) is an interim 
stand-in measure," Visa senior vice 
president Steve Ruwe is quoted as say- 
ing. "It doesn't deal with skimming." 

Some concepts being explored to 
improve the security of credit cards 
include "smart cards," which contain 
computer chips with non-volatile 
memory (usually EEPROM) and some 
intelligence in the form of a small 
microcontroller or specialized logic to 
secure the information contained in the 
memory and other intelligent features. 

Smart cards have received much 
press coverage despite the fact that 
magnetic stripe-based cards are used 
more often than smart cards by several 
orders of magnitude. Smart cards are 
being touted (particularly in Europe) as 



the answer to the industrialized 
world's march towards a cashless soci- 
ety. Smart cards are envisioned as 
being the solution for enhanced securi- 
ty, as well as providing additional 
intelligent features for credit cards, 
debit cards, telephone charge cards, 
bank ATM cards, and a wide variety of 
other applications. It is not clear yet 
exactly what intelligent features con- 
sumers will desire from smart cards. 

Despite all the hype about smart 
cards, magnetic stripe-based cards will 
be around for a long while yet. For one 
thing, there is a huge installed base of 
magnetic stripe credit card readers at 
the merchant locations. To phase this 
installed base over to smart card read- 
ers would be a tremendously expensive 
venture. And the cost of smart cards is 
roughly an order of magnitude more 
than the cost of magnetic stripe-based 
cards. Banks and new card issuers will 
not make the decision to change over 
from magnetic stripe-based cards to 
smart chip cards unless consumer 
demand for new intelligent features 
(beyond enhanced security) is strong 
enough to justify the huge expense. 
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This may not happen anytime soon. 

One company, XTec Inc., has 
designed a magnetic stripe-based card 
system called XSec that answers many 
security concerns and compares very 
favorably with smart cards in many 
respects. 3 The company is engaging its 
fuzzy logic-based system with card 
companies, banks, vending machine 
distributors, and people interested in a 
secure magnetic stripe card system. 

FUZZY LOGIC-BASED SYSTEM 

The XSec system uses the natur- 
al magnetic "jitter" of the data 
encoded on the magnetic stripe 
of a card to verify its authenticity. Jitter 
is present on any magnetically encoded 
card, and every card stripe is physical- 
ly different. The signature of the card 
is determined every time the card is 
read and is compared with the original 
signature value. The signature value 
will be the same if the card is genuine. 
A counterfeit card will produce a dif- 
ferent signature. The original signature 
may be stored on the card, or online in 
the system. The system effectively 
thwarts card counterfeiting, including 
skimming, since the signature of each 
magnetic stripe card is unique. 

Most credit card readers on the mar- 
ket use integral detectors for reading 
data. The biggest problem with integral 
detectors is that they are sensitive to 
wear and degradation of the magnetic 
stripe, which affects the read reliability 
of integral readers. Many professionals 
in magnetic stripe technology believe 
that jitter is a variable and serious 
problem in magnetic stripe reading. 
However, when true peak detectors are 
used, this criticism is not valid. True 
peak detectors are being used more fre- 
quently in readers designed to read 
magnetic cards with a greater degree of 
reliability than conventional readers. 

In a true peak detector, only the 
position of the peak of the voltage 
waveform from the magnetic head is 
used for decoding. This corresponds to 
the zero crossing of the flux of the 
magnetic card. This position is very 
stable and insensitive to wear and dam- 



age. The peak position measurement is 
therefore a very reliable method for 
reading and securing cards. 

In this system, jitter is measured to a 
precision of better than 0.5% by means 
of simple inexpensive digital tech- 
niques. Jitter as small as 1% allows 
reliable security for any card. 

To determine the data decoding 
security characteristic for a card, the 
reader measures the intervals between 
flux reversals on the card, which corre- 
spond to the peak of the voltage wave- 
form from the magnetic head, as 
shown in Figure I. Data from the inter- 
val measurements is used to determine 
the security characteristic of the card. 

If any data is damaged or missing 
from the card, it can be reconstructed 
by digital data processing with the 
error-correcting codes already on the 
card, significantly enhancing card reli- 
ability. Conventional readers have 
great difficulty reconstructing lost data. 

The system also utilizes some pro- 
prietary techniques that further 
improve the read reliability of cards. 

Lost or damaged data and read- 
induced errors do not affect the securi- 
ty reliability, since fuzzy logic tech- 
niques are used in security key deter- 
mination and subsequent card authenti- 



cation. Such fuzzy logic techniques 
allow some differences between indi- 
vidual card reads. If some of the events 
of the "fuzzy data set" are not the 
same, the card may be authenticated, 
provided most of the events in the 
fuzzy data set are the same. Table 1 
shows some fuzzy data sets for the 
same card read multiple times at differ- 
ent points in a field trial of the system. 
This magnetic stripe card system com- 
pares favorably with smart card 
approaches in several important areas, 
as shown in Table 2. 

WHY FUZZY LOGIC? 

In effect, this application is a pat- 
tern recognition type of applica- 
tion that uses the magnetic jitter 
patterns of a magnetic stripe to form a 
signature for the stripe. The signature 
is made up of a fuzzy data set. Fuzzy 
logic is particularly well suited for mis 
type of application. 

First, fuzzy logic software allows 
the use of a low-cost, high-perfor- 
mance 8-bit microcontroller such as 
Microchip's PIC17C42, which offers 
the execution throughput, peripheral 
features, and software code protection 
necessary for this application. A more 
mathematically intensive approach 
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TABLE 1 

Normal fuzzy data set. 



, , .. 
Date 


Time 




6/17/93 


15:39:01 


04 03 12 OF 05 03 03 01' OAOl 00 00 07 OD -01 05 05-21 OD 05' FF OD OD 01 OF OB 08 01 04.0401 OC 


6/19/93 


9:12:03 


04 03 OA OF 05 03 03 01 OAOl 00 00 07 OD 01 05 05 21 OD 03 FFOD 15 09 17 13 OS 


31 04 04 01 OC 


6/26/93- 


11:23:22 


04 03 1A OF 05 03 03 01 05 01 00 08- 07 OD 'Ol 05 05 21 15 03 07 OD 15 09 OF. 13 08 0! 04*04 01 OC 


6/28/93 


13:15:19 


04 03 lA'OFOS 03 03 01 OAOl 00 08 07 OD 01 OS 05 19 15 03 07 OD 15 09 OF 13 08 


Jl 04 04,01 OC 


7/2/93- 


16:11:22 


04 03 OA OF 05 03 03 01 02 01 00 00 07 0D : 0105 05 21 OD 03 FF 05 15''09 0F OB 08 01 04 04 01 04 , 


,7(10/93 


18:40:14 


04 03 OA OF 05 03 03 01 OA Ol 00 00 07 OD 01 05 05 19 OD 03 07 OD 15 09 OF OB 10 






17:26:23 


04 03 OA OF 05 03 03 01 OAOl 00 00 07 OD 0105 05 19 15 15 07 0D 15 09 07 < : J 




■7/17/93 


8:52:04 


04 03 OA 01 05 03 03 01 05 01 03 08 07 15 : 01 05 0D21 15 • 15 07 OD ID 08 0F'-13 08 




"7/26/93 


19:53:31 


04 03 OA 07 05 03 03 01 02 01 00 00 07 OD 0105 OS 19 ODOS 07 OD 15 09 OF OB. 08 


"i 04 04.01 CC 











based on complex statistical analysis 
would require a much more expensive 
processor or DSP. Because the fuzzy 
logic algorithm is considerably shorter 
and simpler than other approaches, the 
performance of the 8-bit microcon- 
troller is more than adequate to provide 
real-time card reading control and 
fuzzy logic card authentication. 

Fuzzy logic dramatically shortens 
the system development time since 
membership functions and a set of 
fuzzy rules defined as linguistic state- 
ments are much easier to define than a 
complex mathematical model that sta- 
tistically analyzes the magnetic stripe. 
Even a very large look-up table 
approach would take considerable time 
to define. User-friendly fuzzy logic 
software development tools with a 
graphical interface, such as fuzzy- 
TECH-MP from Inform Software 
Corp., can speed fuzzy logic code 
development and debugging. 

A fuzzy logic approach can more 
easily adapt to changing conditions 
such as moving from one reader to 
another. If some of the incoming data 
from the readers is incorrect, the fuzzy 
logic algorithm may determine correct- 
ly that a card is genuine. For example, 
in Table 1, the fuzzy logic algorithm 
correctly recognized the same card as 
being genuine, even though some num- 
bers in the fuzzy data set were different 
during different readings. Fuzzy logic 
can more naturally handle variations 
from the magnetic stripe readers. 

Also, the fuzzy logic algorithm can 
more easily be adapted to different 



TABLE 2 

Comparison of magnetic stripe cards to smart cards. 
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powerful new capabilities. Experience tne raw power dnu staiiny 
field-tested development tools yourself. Be ready to kick a little butt and rest 
assured that Team Paradigm is here to back you up. 




cards for different applications. Credit 
cards, debit cards, security entrance 
cards, bank ATM cards, and train and 
subway cards could use variations on 
basically the same fuzzy logic algo- 
rithm. The time and cost to modify the 
fuzzy logic algorithm is not large com- 
pared to other approaches. 

Fuzzy logic can be used effectively 
to reconstruct lost data. With the XSec 
system, even severely scratched mag- 
netic stripes can be read and used. To 
accomplish this using other more 
math-intensive statistical analysis 
would be much more difficult. 

In this article, we reviewed the prob- 
lem of credit card security and 
explored some of the actions credit 
card companies have taken to reduce 
credit card fraud. We described an 
enhanced magnetic stripe-based sys- 
tem based on fuzzy logic that dramati- 
cally improves the security of magnet- 
ic stripe cards. We compared this sys- 
tem to smart cards and found that the 
enhanced magnetic stripe card system 
offers enhanced card security and 
some other advantages of the smart 
cards at a much lower cost. Finally, we 
learned that fuzzy logic is particularly 
well suited for this type of pattern- 
recognition application, and it can dra- 
matically ease the system development 
process. B-'J 
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